Microsoft Azure Artificial Intelligence (AI) is going fast in the Cloud, It can support you with the tools you use like Azure CLI for example to manage Azure resources. But AI can support you in Security too, like Microsoft Security Copilot
Microsoft security CoPilot Create a visual to explain.
But I was busy with Windows Terminal in Windows 11 Insider Preview Build and Azure Cloud Shell.
First getting the latest Build of Azure CLI in my Windows Terminal :
az upgrade
Installing Azure CLI 2.48.1
Click on Install
Click on Finish
For the Changes you need to Restart your machine.
After the reboot we have the Newest Azure CLI Version 2.48.1
Login Azure with Windows Terminal.
I’m connected with Azure via Windows Terminal Azure Cloud Shell.
Here I’m checking if I have a Connection with Azure AI-examples :
az ai-examples check-connection
Connection was successful.
The Azure AI knowledge base made me find examples 🙂
When a command is incomplete or wrong, the AI knowledge base is doing a suggestion and gives a link to Microsoft docs.
Conclusion
This is where I Like Microsoft Azure Artificial Intelligence (AI) to make my IT Management easier and faster to do the job.
It’s supporting me in my work and not doing things I don’t like. It’s going fast with AI and It’s important to keep it in Control for doing IT Management tasks.
Microsoft Azure Arc Services is a bridge that extends the Azure platform to help you build applications and services with the flexibility to run across datacenters, at the edge, and in multicloud environments. Develop cloud-native applications with a consistent development, operations, and security model. Azure Arc runs on both new and existing hardware, virtualization and Kubernetes platforms, IoT devices, and integrated systems. Do more with less by leveraging your existing investments to modernize with cloud-native solutions.
Azure Arc Control Plane
So with this Awesome Microsoft Feature Azure Arc, I have connected my Windows Insiders Domain mvplab.local servers like a Windows Server Insider Domain Controller, Windows Server Insider Cluster with a SQL Instance on it and Windows 11 Insider Preview Build in the Beta Channel domain joined. Here you can find how to install the Azure Arc Agent on your Servers
Microsoft Azure Arc comes with great features like Azure Security with Cloud Defender to keep your Azure Arc enabled Servers as secure as possible. Azure Policies is very handy to keep your IT governance on every Server the same. With inventory and Change tracking you are in control to get the right information of your machines. Monitoring your Azure Arc enabled servers with Insights and Log analytics is very powerful. But for now I’m going to use Updates feature of Azure Arc enabled Windows 11 Insider Preview Build machine.
Important :Â I’m working with Windows Server Insider preview Build and Windows 11 Insider Preview Build.
They are for testing purpose only and not for production environments!
Of course you can use Windows Server 2019 / 2022 or Windows 10 / 11 Build with Azure Arc 🙂
Here we have Windows 11 Insider Preview Build with new Updates in the Beta Channel. Click on One time Update
I’m going to update this Azure Arc enabled Windows 11 Insider preview Build once manually but you can schedule updates also and use Update Management Center.
Select the Machine and Click on Next
Here you can select the updates or exclude updates. Then Click on Next
Here you can set the Reboot option and
Maintenance Window in minutes. Click on Next
Review and Click on Install
Install Updates Request is submitted.
At Updates of your Azure Arc enabled Machine you can open Update Management Center
Here you can see the Complete Overview of the Updates on your Machines.
Left under you see the 3 updates for the Windows 11 Insider Beta Build.
When you Click on the left panel on Machines you get this status overview.
When you click on History you will see the status in progress.
You have seen how easy it is to work with Microsoft Azure Arc services to manage your Virtual Machine with Updates, when you have lot of Virtual Machines / Servers to manage you can configure them once and do this automatically via schedule tasks for every month. Now I can manage my on-prem Servers / machines in the same way I do the Microsoft Azure Virtual Machines.
So this was only Updates, but you can do the same for Security and keep your machines secure by default with the same Azure policies on your machines for IT Governance. Hope you see the benefits of Azure Hybrid and please start your own journey.
When you have a test environment, please consider the Microsoft Windows Insider program for Windows 11 Insider Builds and for Windows Server Insider Build to work with the newest features and getting experience before GA becomes available.
With Microsoft Prerelease Software like Windows Server Insider Preview Builds, you can experience and test the new features in your Test environment before it’s GA and in your production datacenter(s). First you have to register for the Windows Server Insider program here
Then you can download the Windows Server Insider Preview Build.
I’m updating my mvplab.local domain.
With this you can Build your own test environment and experience the new features in Windows Server Insider Preview Builds.
The Microsoft Windows Server Insider Team is also on Microsoft Tech Community.
Windows Server Long-Term Servicing Channel Preview in ISO format in 18 languages, and in VHDX format in English only.
Windows Server Datacenter Azure Edition Preview in ISO and VHDX format, English only.
Microsoft Server Languages and Optional Features Preview
Keys:Â Keys are valid for preview builds only
Server Standard:Â MFY9F-XBN2F-TYFMP-CCV49-RMYVH
Datacenter:Â 2KNJJ-33Y9H-2GXGX-KMQWH-G6H67
Azure Edition does not accept a key
Expiration:Â This Windows Server Preview will expire September 15, 2023.
Installing Windows Server Insider Preview Build 25314
For the Microsoft Product Group it’s important to give your feedback when you have ideas or experience some issues with these Windows Server Insider Preview Builds. Here you find more information about the Feedback Hub.
With this you can build great Hybrid Solutions with Windows Server Insider Preview Build Clusters which is connected with
Microsoft Azure Arc Services for Azure Hybrid IT Solutions. In this way you can test new experiences before you go into production and learn a lot of what you can do! Here you can read more about Azure Arc enabled Servers
My Domain Controller is Up-to-date with the Newest Windows Server Insider Preview Build 25314 for now 😉
With Windows Server Insider Preview Build you can make your own environment, with your own domain, Clusters, Hybrid Servers or build your environment for Containers. You can experience and test for example Windows Server Insider Preview Azure edition with Hot Patching feature on. Start today with Microsoft Windows Server Insider Preview Builds and Share your feedback with Microsoft.
With Windows Admin Center in the Azure portal you can manage the Windows Server operating system of your Arc-enabled servers, known as hybrid machines. You can securely manage hybrid machines from anywhere–without needing a VPN, public IP address, or other inbound connectivity to your machine.
With Windows Admin Center extension in Azure, you get the management, configuration, troubleshooting, and maintenance functionality for managing your Arc-enabled servers in the Azure portal. Windows Server infrastructure and workload management no longer requires you to establish line-of-sight or Remote Desktop Protocol (RDP)–it can all be done natively from the Azure portal. Windows Admin Center provides tools that you’d normally find in Server Manager, Device Manager, Task Manager, Hyper-V Manager, and most other Microsoft Management Console (MMC) tools.
In the following steps we will install Azure Windows Admin Center (Preview) on a Microsoft Azure Arc enabled Server from the Azure Portal.
Click on Windows Admin Center (Preview) on the Left side.
Then click op Setup
Set the port.
Click on Install
Installing extension Windows Admin Center
At the Activity log you can follow the installation.
and See the Quick Insights
No Problems here 😉
Let’s Connect
Sign in with your Username and Password
Running Windows Admin Center from the Azure Portal.
Azure Windows Admin Center of the Azure Arc enabled Server.
PowerShell session remote on the Azure Arc enabled Server.
Events of the Azure Arc enabled Server.
Conclusion
With Microsoft Azure Windows Admin Center and Azure Arc enabled Servers you can manage your servers from anywhere.
You got all the benefits of Microsoft Azure Hybrid features. Try it yourself, Windows Admin Center is still in preview and for testing only.
You can experience this awesome Azure Hybrid solution before it goes in production 😉
Watch AKS Edge Essentials Architecture with @liorkamrat
The following Jumpstart scenario will show how to create an AKS Edge Essentials cluster in Azure Windows Server VM and connect the Azure VM and AKS Edge Essentials cluster to Azure Arc using Azure ARM Template. The provided ARM template is responsible for creating the Azure resources as well as executing the LogonScript (AKS Edge Essentials cluster creation and Azure Arc onboarding (Azure VM and AKS Edge Essentials cluster)) on the Azure VM.
Azure Arc-enabled servers lets you manage Windows and Linux physical servers and virtual machines hosted outside of Azure, on your corporate network, or other cloud providers. VM insights monitors the performance and health of your virtual machines and virtual machine scale sets, including their running processes and dependencies on other resources. It can help deliver predictable performance and availability of vital applications by identifying performance bottlenecks and network issues.
In the following steps you see more Azure Arc Insights of this On-premises domain controller.
Azure Arc Insights Performance monitor
Here you see by default performance counters in a dashboard of the Azure Arc enabled Server :
CPU Utilization
Available Memory
Logical Disk IOPS
Logical Disk MB/s
Max Logical Disk Used %
Bytes sent rate
Bytes received rate
In the right corner you can show your own workbooks.
Azure Arc Insights Map dependencies
I really like this feature to see more Insights of your dependencies with this map. See if there are any communication issues
in your solution is great!
Here you see connections of the Azure Arc enabled domain controller from on-premises.
You even can see if you have Malicious Connections in your process, here they are all green 🙂
Azure Arc Insights Map Changes
You can Investigate Changes
Azure Arc Insights Map Alerts
Here you can Investigate the Alerts.
Azure Arc Insights Overview
Make your own Data Collection Rule.
Here is the Data Source MSVMI-HybridIT
Here you can configure your resources with the Data Sources.
Create your own Data Collection endpoint for your Azure Arc enabled Server
Create your endpoint and select your Tag
with Tags you can set the Owner or cost number on the data collection endpoint.
When It’s ready you can here select the Data collection endpoint for your Server.
We only have Performance Counters, so we will add more Data Sources.
Here you can see some default Data sources.
I select Windows Event Logs.
Here you can configure the event logs and levels to Collect.
I selected only these.
Click on Next : Destination>
Select the right destination.
Then Click on Add Data Source
When you have your Servers Azure Arc enabled, you will work with Azure Arc extensions to work with Azure hybrid features like Defender for Cloud, Azure Monitor, Windows Admin Center and more. For each Azure Arc extension you can get updates, and it’s important to keep them up-to-date for new functionality and security. You have Azure Arc extensions for Windows Servers but also for Linux Servers.
Some of the Azure Arc extensions will automatic upgrade when you have enabled it and some must go manually from the Azure Portal.
More information about Azure Arc extensions you can find them here
In the next steps you will see the Update management of the Azure Arc enabled extensions :
Here I update one extension.
Inside the WindowsOsUpdateExtension
Here you can see that the WindowsOsUpdateExtension is up-to-date
and Status Succeeded
On the right of this screenshot you see Automatic Upgrade and some extensions are enabled, but some are not supported.
That’s why it’s important to check these updates.
Here you can see in the Status that two Azure Arc extensions are updating
And sometimes it failed to update.
But you can see what you can do best with this failed Status.
Here you see the error message and the Tips.
And when you can’t fix it yourself you can make a Support ticket right away.
Here you can see that all the Azure Arc extensions are updated successfully
So I selected all my Azure Arc enabled Servers and updated them all.
Conclusion
With Microsoft Azure Arc enabled Servers you have do some IT management to keep your Azure Arc extensions up-to-date.
I did this without rebooting Servers, just from the Azure Portal update Azure Arc extension.
Here you find more information about Microsoft Azure Arc for Azure Hybrid IT
In earlier MVPLABSerie blogpost I wrote about making your on-premises Servers hybrid with Azure Arc enabled Servers.
In my mvplab.local domain, there is a SQL 2022 Cluster running which also has the Azure Connected Machine Agent version 1.24.
One of the benefits of Azure Arc enabled Servers for SQL is that you can do on-demand SQL Health assessments on your SQL Environment in your On-premises Datacenter. In the following step-by-step guide we will prepare the SQL Cluster nodes.
Here you see that the Azure Connected Machine Agent already is installed.
But it will now add the SQL Extension.
Installation Completed Successfully.
Now we have two Azure Arc enabled SQL Servers connected.
Overview of SQL 2022 Node in Azure Arc.
You can see the Databases running.
Here you can set your Admin from Azure Active Directory.
But we want to do a SQL Assessment, but the Azure Monitoring Agent is still missing.
Here you see that the SQL extension is installed.
Now we will add the Azure Monitor Agent to my existing Log Analytics Workspace.
Click on Add
Select Log Analytics Agent – Azure Arc.
Add your Workspace ID
Add your Workspace Kay
Click on Review + Create
Validation Passed.
Azure Monitoring Agent is Installed.
From here you can do the On-Demand SQL Assessments via
Microsoft Azure Arc enabled SQL Servers.
The SQL Server Assessment focuses on several key pillars, including:
SQL Server configuration
Database design
Security
Performance
Always On
Cluster
Upgrade readiness
Error log analysis
Operational Excellence
Example of SQL Server Assessment results.
On each assessment result you get a recommendation from Microsoft so you can make your SQL environment Health and Secure!
Conclusion
To get these health results of your SQL environment is Awesome 🙂 You are in control of your Azure Hybrid Arc enabled SQL Servers to keep them Healthy and Secure. The following Azure Arc enabled SQL Server blogpost is about Azure Defender for Cloud for your SQL Servers. With these two Azure Arc for SQL Server features you get the best Insights to keep your data as save as possible.
Microsoft Azure Update Management Center (Preview)
Update management center (preview) is a unified service to help manage and govern updates for all your machines. You can monitor Windows and Linux update compliance across your deployments in Azure, on-premises, and on the other cloud platforms from a single dashboard. Using Update management center (preview), you can make updates in real-time or schedule them within a defined maintenance window. Here you can find more information about Azure Update Management Center
In the following step-by-step guide, we will start with Azure Update Management Center (Preview) and Microsoft Azure Arc enabled Windows Servers running on-premises in my mvplab.local domain.
With getting started you can configure the environment.
I start here with my Azure Arc enabled Storage Server.
Updates installed on the Azure Arc Enabled Windows Server.
In Azure Update Management Center Overview Dashboard
you can see that one machine is completed.
For Monitoring you can make your own workbooks.
I like this History, to see if updates are successful or not.
Conclusion
Microsoft Azure Update Management Center is still in Preview but it’s a new way to manage all of your updates on your Servers on-premises with Azure Arc enabled, or on Azure Cloud, but also in other Clouds if you want. One Update Management Center from the Azure Portal is Awesome to work with and gives you control and overview of your update compliance in your datacenter(s). Important: This Great tool is still in preview and not for production environments yet until it’s made GA by Microsoft and you have the full support on this awesome management tool.